0dp, uspiral, Red Nova, casalemedia, etc. popups [RESOLVED]


#1
KnuckleBuster

My girlfriend's sister dropped off her computer on Saturday saying that she switched from AOL to IE and started getting tons of popups, then her computer would just reboot for no reason. She also said that some of the popups asked her to grant or deny access - sometimes she would deny access, other times she would allow it...talk about opening the door and asking for trouble.

Anyway, I've tried running Adaware (with latest update), CWShredder, Spybot (which keeps popping up asking to allow changes to the registry), and PestPatrol. Now it's time for the Hijack This log. So, here it is...please help me help this poor girl. Thanks!

Logfile of HijackThis v1.99.1
Scan saved at 11:26:17 PM, on 9/5/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\All Users\Documents\Fixes for Sheri\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
O1 - Hosts: comments (such
O1 - Hosts: comments as
O1 - Hosts: comments these)
O1 - Hosts: comments may
O1 - Hosts: comments be
O1 - Hosts: comments inserted
O1 - Hosts: comments on
O1 - Hosts: comments individual
O1 - Hosts: 216.39.69.102 view.atdmt.com
O2 - BHO: PicShow Class - {4487598C-2EC7-43A2-870E-6D8D720FDD9F} - C:\WINDOWS\system32\pkshtpbl.dll
O2 - BHO: ohb - {9ADE0443-2AB2-4B23-A3F8-AC520773DE12} - C:\WINDOWS\system32\nsi36.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [OemReset] %systemroot%\OPTIONS\OEMRESET.EXE /AUDIT
O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe
O4 - HKLM\..\Run: [GWMDMpi] C:\WINDOWS\GWMDMpi.exe
O4 - HKLM\..\Run: [OmniPage] C:\Program Files\Caere\OmniPagePro90\opware32.exe
O4 - HKLM\..\Run: [afxgpdoa] C:\WINDOWS\jxrrpnhz.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [binmsvc] C:\WINDOWS\Web\printers\binmsvc.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [*binmsvc] C:\WINDOWS\Web\printers\binmsvc.exe
O4 - HKLM\..\Run: [*crutil] C:\WINDOWS\system\crutil.exe
O4 - HKLM\..\Run: [*binweb] C:\WINDOWS\Help\binweb.exe
O4 - HKLM\..\Run: [*tapidb] C:\WINDOWS\Driver Cache\tapidb.exe
O4 - HKLM\..\Run: [*vbdos] C:\WINDOWS\inf\vbdos.exe
O4 - HKLM\..\Run: [*dbinfo] C:\WINDOWS\system\dbinfo.exe
O4 - HKLM\..\Run: [*msdvd] C:\WINDOWS\inf\msdvd.exe
O4 - HKLM\..\Run: [*rasav] C:\WINDOWS\Driver Cache\rasav.exe
O4 - HKLM\..\Run: [*nuts] C:\WINDOWS\inf\nuts.exe
O4 - HKLM\..\Run: [*apwms] C:\WINDOWS\msagent\apwms.exe
O4 - HKLM\..\Run: [*sw] C:\WINDOWS\addins\sw.exe
O4 - HKLM\..\Run: [*xmlmsvc] C:\WINDOWS\repair\xmlmsvc.exe
O4 - HKLM\..\Run: [*avutil] C:\WINDOWS\Web\printers\avutil.exe
O4 - HKLM\..\Run: [*imgodbc] C:\WINDOWS\system32\DirectX\imgodbc.exe
O4 - HKLM\..\Run: [*logmp3] C:\WINDOWS\Web\logmp3.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [AUNPS2] RUNDLL32 AUNPS2.DLL,_Run@16
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\system32\aruiat.exe reg_run
O4 - HKLM\..\Run: [immin] C:\WINDOWS\mm15201518.a.Stub.exe
O4 - HKLM\..\Run: [ugpgc6q3] C:\WINDOWS\system32\ugpgc6q3.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [tnpnv] C:\WINDOWS\system32\grkqjgpr\tnpnv.exe
O4 - HKLM\..\Run: [xgwtbcj] C:\WINDOWS\system32\rjmrrgka\xgwtbcj.exe
O4 - HKLM\..\Run: [jrcweqk] C:\WINDOWS\system32\oxfgmgl\jrcweqk.exe
O4 - HKLM\..\Run: [budodupr] C:\WINDOWS\system32\wdahui\budodupr.exe
O4 - HKLM\..\Run: [yfufq] C:\WINDOWS\system32\rhkneavv\yfufq.exe
O4 - HKLM\..\Run: [System service63] C:\WINDOWS\etb\pokapoka63.exe
O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\PROGRA~1\PESTPA~1\PPControl.exe
O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKLM\..\Run: [dnam] C:\WINDOWS\system32\d140113.a.Stub.EXE
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKLM\..\Run: [PSof1] C:\WINDOWS\system32\PSof1.exe
O4 - HKLM\..\Run: [WinTask driver] C:\WINDOWS\system32\wintask.exe
O4 - HKLM\..\Run: [C:\WINDOWS\VCMnet11.exe] C:\WINDOWS\VCMnet11.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AOLCC] "C:\Program Files\AOL Computer Check-Up\ACCAgnt.exe" /startup
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [WinFixer 2005] "C:\Program Files\WinFixer 2005\WFX5.exe" /min
O4 - HKCU\..\Run: [pshower] C:\WINDOWS\system32\pshwr.exe
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - Startup: Zstart.lnk = C:\WINDOWS\Temp\zxinst12.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0a\aoltray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Microtek Scanner Finder.lnk = C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O9 - Extra button: (no name) - {9E248641-0E24-4DDB-9A1F-705087832AD6} - C:\WINDOWS\system32\wuauclt.dll
O9 - Extra 'Tools' menuitem: Java - {9E248641-0E24-4DDB-9A1F-705087832AD6} - C:\WINDOWS\system32\wuauclt.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.bestbuy.msn.com
O16 - DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} (AOL Content Update) - http://esupport.aol....oach_core_1.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com...kup/qdiagcc.cab
O20 - AppInit_DLLs: repairs.dll
O20 - Winlogon Notify: ipacc - C:\DOCUME~1\user\LOCALS~1\Temp\ccapi.dat
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: WebSeach Toolbar support NT service (TBPSSvc) - Unknown owner - C:\PROGRA~1\Toolbar\TBPSSvc.exe (file missing)
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: xgwtbcjrjmrrgka - Unknown owner - C:\WINDOWS\system32\rjmrrgka\xgwtbcj.exe

Edited by KnuckleBuster, 05 September 2005 - 09:28 PM.



#2
KnuckleBuster

Any help/ideas? Please? :tazz:

*Edited by an Administrator

Hello! Bumping your thread will not get you helped any quicker, as we look for threads with no replies. Also, we work from oldest to newest, and currently are working on logs that have been posted three to five days ago, sometimes even older. Please be patient with us. We are working as fast as we can without compromising the integrity of our work. If you have not received help within 5 days of your original post, please make a post in this thread with a link to your topic and you will be helped right away. 5 Day No Reply?


Sorry about that...won't happen again.

Edited by KnuckleBuster, 06 September 2005 - 03:43 PM.


#3
andydf

Hello KnuckleBuster and welcome to Geeks To Go.

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order in which they are mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes.

Let's start out with some general scans and see if we can't clean things up a little.

Run Ad-Aware with the latest update.
  • Download the latest version of Ad-Aware (Ad-Aware SE Build 1.06r1) from here.
  • If you have a previous version of Ad-Aware installed, during the installation of the new version you will be prompted to uninstall or keep the older version - be sure to uninstall the previous version.
  • After installing Ad-aware, you will be prompted to update the program and run a full scan. De-select all boxes so that it does not run.
  • Manually run "Ad-Aware SE Personal" and from the main screen Click on "Check for Updates Now".
  • Once the definitions have been updated:
  • Reconfigure Ad-Aware for Full Scan as per the following instructions:
    • Launch the program, and click on the Gear at the top of the start screen.
    • Under General Settings the following boxes should all be checked off: (Checked will be indicated by a green circle with a check mark in it, Un-Checked is a red circle with an X in it. If it is greyed out, those features are only available in the retail version.)
      • "Automatically save logfile"
      • "Automatically quarantine objects prior to removal"
      • Safe Mode (always request confirmation)
      • Prompt to update outdated confirmation) - Change to 7 days.
    • Click the "Scanning" button (On the left side).
    • Under Drives & Folders, select "Scan within Archives"
    • Click "Click here to select Drives + folders" and select your installed hard drives.
    • Under Memory & Registry, select all options.
    • Click the "Advanced" button (On the left hand side).
    • Under "Shell Integration", select "Move deleted files to Recycle Bin".
    • Under "Log-file detail", select all options.
    • Click on the "Defaults" button on the left.
    • Type in the full url of what you want as your default homepage and searchpage e.g. http://www.google.com.
    • Click the "Tweak" button (Again, on the left hand side).
    • Expand "Scanning Engine" by clicking on the "+" (Plus) symbol and select the following:
      • "Unload recognized processes during scanning."
      • "Obtain command line of scanned processes"
      • "Scan registry for all users instead of current user only"
    • Under "Cleaning Engine", select the following:
      • "Automatically try to unregister objects prior to deletion."
      • "During removal, unload explorer and IE if necessary"
      • "Let Windows remove files in use at next reboot."
      • "Delete quarantined objects after restoring"
    • Click on "Safety Settings" and select "Write-protect system files after repair (Hosts file, etc)"
    • Click on "Proceed" to save these Preferences.
    • Click on the "Scan Now" button on the left.
    • Under "Select Scan Mode", be sure to select "Use Custom Scanning Options".
  • Close all programs except Ad-Aware.
  • Click on "Next" in the bottom right corner to start the scan.
  • Run the Ad-Aware scan and allow it to remove everything it finds and then REBOOT - Even if not prompted to.
  • After you log back in, Ad-Aware may run to finalize the scan and remove any locked files that it may have found. Allow it to finish.

Plug-Ins for Ad-Aware (VX2 Cleaner)


* Close Ad-Aware, if it is currently open.

* Download the VX2 Cleaner 2.0 Plug-in Here.

* After installing, restart Ad-Aware before running the VX2 Cleaner.

* Using VX2 Cleaner 2.0

* NOTE: If you have earlier attempted to run Ad-Aware to remove VX2, you may need to run the VX2 Cleaner several times to remove possible VX2 remains.

* If you have already attempted to remove VX2 with Ad-Aware, do the following:

* Before running the VX2 Cleaner, make sure other anti-virus or anti-spyware applications are closed.

* Run the VX2 Cleaner. If your computer is infected with VX2, a dialog box with text such as "New VX2 variant found" or "VX2 variant 1 found" will appear.

* Press "Clean" and a dialog box with text "The first phase completed. Please reboot and perform a Smart Scan" will appear. After saving your work, reboot your system manually.

* Repeat this until the VX2 Cleaner reports "System clean". Press "Close" to exit.

* Run Ad-Aware one more time and scan your computer to make sure VX2 has been found and removed.


+++++ Step 1 +++++
Please download ewido security suite; it is a free version of the program.
  • Install ewido security suite
  • When installing, under "Additional Options" uncheck:
    • Install background guard
    • Install scan via context menu
  • Launch ewido, there should be an icon on your desktop, double-click it.
  • The program will now open to the main screen.
  • When you run ewido for the first time, you will get a warning "Database could not be found!". Click OK. We will fix this in a moment.
  • You will need to update ewido to the latest definition files.
    • On the left hand side of the main screen click update.
    • Then click on Start Update.
  • The update will start and a progress bar will show the updates being installed.
    (the status bar at the bottom will display "Update successful")
If you are having problems with the updater, you can use this link to manually update ewido.
ewido manual updates


Once the updates are installed do the following:
  • Click on scanner
  • Click on Complete System Scan and the scan will begin.
  • NOTE: During some scans with ewido it is finding cases of false positives.**
    • You will need to step through the process of cleaning files one-by-one.
    • If ewido detects a file you KNOW to be legitimate, select none as the action.
    • DO NOT select "Perform action on all infections"
    • If you are unsure of any entry found select none for now.
  • Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report.
  • Save the report .txt file to your desktop.
Now close ewido security suite.
**(Ewido for example has been flagging parts of AVG Anti-Virus, pcAnywhere and the game "Risk")


+++++ Step 2 +++++

Please run an on-line virus scan at Kaspersky OnLine Scan or if that doesn't work, you can use TrendMicro or BitDefender. (Please post the results of the scan(s) in your next reply)

+++++ Step 3 +++++

After that, I will need to see two different logs from HiJackThis. The first is the normal log like you posted here. To get the other one, follow these directions.

Open HijackThis, click Config, click Misc Tools
Click "Open Uninstall Manager"
Click "Save List" (generates uninstall_list.txt)
Click Save, copy and paste the results in your next post.

Post back with those logs and we can continue from there.

Andy :tazz:

#4
KnuckleBuster

Hi Andy. Thanks for helping me out - sorry it took a while for me to get back to you...

Here are the log files:

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 11:03:54 PM, 9/12/2005
+ Report-Checksum: B833E602

+ Scan result:

HKLM\SOFTWARE\Classes\CLSID\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} -> Spyware.MiniBug : Cleaned with backup
HKLM\SOFTWARE\Classes\Common.Buttons -> Spyware.WebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{49DB48FF-02B5-4645-B676-94A4DF1AA026} -> Spyware.SecondThought : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\AUI -> Spyware.WebSearch : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InternetOffers -> Spyware.LZIO : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MediaLoads Enhanced -> Spyware.Downloadware : Cleaned with backup
HKLM\SOFTWARE\Mvu -> Spyware.Delfin : Cleaned with backup
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02F96FB7-8AF6-439B-B7BA-2F952F9E4800} -> Spyware.VirtuMonde : Cleaned with backup
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0494D0D9-F8E0-41AD-92A3-14154ECE70AC} -> Spyware.MyWay : Cleaned with backup
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{339BB23F-A864-48C0-A59F-29EA915965EC} -> Spyware.HuntBar : Cleaned with backup
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3EC8E271-FAB9-418A-8A8E-65AEB4029E64} -> Spyware.VirtuMonde : Cleaned with backup
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4D568F0F-8AC9-40AB-88B7-415134C78777} -> Spyware.Begin2Search : Cleaned with backup
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{52FE5233-367C-4EFB-BDD7-0BE4D212C107} -> Spyware.Begin2Search : Cleaned with backup
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{72AC6865-B1D3-4C32-A27B-4B3BF04DE655} -> Spyware.VirtuMonde : Cleaned with backup
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8952A998-1E7E-4716-B23D-3DBE03910972} -> Spyware.HuntBar : Cleaned with backup
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98BC949B-3D81-4750-836F-4BC57BD032EE} -> Spyware.VirtuMonde : Cleaned with backup
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F32F8ECD-6CF3-459D-82F2-9738392C85A8} -> Spyware.VirtuMonde : Cleaned with backup
HKU\.DEFAULT\Software\toolbar -> Spyware.WebSearch : Cleaned with backup
HKU\.DEFAULT\Software\toolbar\UrlSearchHooks -> Spyware.WebSearch : Cleaned with backup
HKU\S-1-5-21-2501954535-3802400216-3657561249-1008\Software\Microsoft\Internet Explorer\Explorer Bars\{90C61707-C8F8-43DB-A25C-C1F4B18EE41E} -> Spyware.CometCursor : Cleaned with backup
HKU\S-1-5-21-2501954535-3802400216-3657561249-1008\Software\Microsoft\Internet Explorer\Explorer Bars\{EDC4193F-34AD-4D07-AA87-E3FDB89E3E76} -> Spyware.CometCursor : Cleaned with backup
HKU\S-1-5-21-2501954535-3802400216-3657561249-1008\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02F96FB7-8AF6-439B-B7BA-2F952F9E4800} -> Spyware.VirtuMonde : Cleaned with backup
HKU\S-1-5-21-2501954535-3802400216-3657561249-1008\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0494D0D9-F8E0-41AD-92A3-14154ECE70AC} -> Spyware.MyWay : Cleaned with backup
HKU\S-1-5-21-2501954535-3802400216-3657561249-1008\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{339BB23F-A864-48C0-A59F-29EA915965EC} -> Spyware.HuntBar : Cleaned with backup
HKU\S-1-5-21-2501954535-3802400216-3657561249-1008\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3EC8E271-FAB9-418A-8A8E-65AEB4029E64} -> Spyware.VirtuMonde : Cleaned with backup
HKU\S-1-5-21-2501954535-3802400216-3657561249-1008\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4D568F0F-8AC9-40AB-88B7-415134C78777} -> Spyware.Begin2Search : Cleaned with backup
HKU\S-1-5-21-2501954535-3802400216-3657561249-1008\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{52FE5233-367C-4EFB-BDD7-0BE4D212C107} -> Spyware.Begin2Search : Cleaned with backup
HKU\S-1-5-21-2501954535-3802400216-3657561249-1008\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6E21F428-5617-47F7-AED8-B2E1D8FBA711} -> Spyware.IBIS : Cleaned with backup
HKU\S-1-5-21-2501954535-3802400216-3657561249-1008\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{72AC6865-B1D3-4C32-A27B-4B3BF04DE655} -> Spyware.VirtuMonde : Cleaned with backup
HKU\S-1-5-21-2501954535-3802400216-3657561249-1008\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{79849612-A98F-45B8-95E9-4D13C7B6B35C} -> Spyware.Crazywinnings : Cleaned with backup
HKU\S-1-5-21-2501954535-3802400216-3657561249-1008\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8952A998-1E7E-4716-B23D-3DBE03910972} -> Spyware.HuntBar : Cleaned with backup
HKU\S-1-5-21-2501954535-3802400216-3657561249-1008\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8B0FA130-0C3D-4CB1-AEB7-2C29DA5509A3} -> Spyware.IBIS : Cleaned with backup
HKU\S-1-5-21-2501954535-3802400216-3657561249-1008\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98BC949B-3D81-4750-836F-4BC57BD032EE} -> Spyware.VirtuMonde : Cleaned with backup
HKU\S-1-5-21-2501954535-3802400216-3657561249-1008\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F32F8ECD-6CF3-459D-82F2-9738392C85A8} -> Spyware.VirtuMonde : Cleaned with backup
HKU\S-1-5-21-2501954535-3802400216-3657561249-1008\Software\Support Software -> Spyware.NetworkEssentials : Cleaned with backup
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02F96FB7-8AF6-439B-B7BA-2F952F9E4800} -> Spyware.VirtuMonde : Cleaned with backup
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0494D0D9-F8E0-41AD-92A3-14154ECE70AC} -> Spyware.MyWay : Cleaned with backup
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{339BB23F-A864-48C0-A59F-29EA915965EC} -> Spyware.HuntBar : Cleaned with backup
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3EC8E271-FAB9-418A-8A8E-65AEB4029E64} -> Spyware.VirtuMonde : Cleaned with backup
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4D568F0F-8AC9-40AB-88B7-415134C78777} -> Spyware.Begin2Search : Cleaned with backup
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{52FE5233-367C-4EFB-BDD7-0BE4D212C107} -> Spyware.Begin2Search : Cleaned with backup
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{72AC6865-B1D3-4C32-A27B-4B3BF04DE655} -> Spyware.VirtuMonde : Cleaned with backup
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8952A998-1E7E-4716-B23D-3DBE03910972} -> Spyware.HuntBar : Cleaned with backup
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98BC949B-3D81-4750-836F-4BC57BD032EE} -> Spyware.VirtuMonde : Cleaned with backup
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F32F8ECD-6CF3-459D-82F2-9738392C85A8} -> Spyware.VirtuMonde : Cleaned with backup
HKU\S-1-5-18\Software\toolbar -> Spyware.WebSearch : Cleaned with backup
HKU\S-1-5-18\Software\toolbar\UrlSearchHooks -> Spyware.WebSearch : Cleaned with backup
[764] C:\DOCUME~1\user\LOCALS~1\Temp\ccapi.dat -> Spyware.VirtuMonde : Cleaned with backup
C:\Documents and Settings\All Users\Documents\Fixes for Sheri\Hijack\backup-20040831-201720-964.dll -> Adware.MidADle : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@hypertracker[1].txt -> Spyware.Cookie.Hypertracker : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@paypopup[2].txt -> Spyware.Cookie.Paypopup : Cleaned with backup
C:\Documents and Settings\user\Cookies\[email protected][2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\user\Cookies\[email protected][2].txt -> Spyware.Cookie.Specificclick : Cleaned with backup
C:\Documents and Settings\user\Cookies\[email protected][1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\user\Cookies\user@paypopup[2].txt -> Spyware.Cookie.Paypopup : Cleaned with backup
C:\Documents and Settings\user\Cookies\user@yieldmanager[1].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\user\Local Settings\Temp\3pm.dat -> Spyware.VirtuMonde : Cleaned with backup
C:\Documents and Settings\user\Local Settings\Temp\3pmgol.dat -> TrojanDownloader.Agent.fl : Cleaned with backup
C:\Documents and Settings\user\Local Settings\Temp\3pmsmw.dat -> Trojan.Vundo : Cleaned with backup
C:\Documents and Settings\user\Local Settings\Temp\agvbac.dat -> TrojanDownloader.Agent.l : Cleaned with backup
C:\Documents and Settings\user\Local Settings\Temp\agvcbdo.dat -> TrojanSpy.Agent.ce : Cleaned with backup
C:\Documents and Settings\user\Local Settings\Temp\ahfxkjxq.exe -> TrojanDropper.Agent.fh : Cleaned with backup
C:\Documents and Settings\user\Local Settings\Temp\aluebil.dat -> TrojanSpy.Agent.ce : Cleaned with backup
C:\Documents and Settings\user\Local Settings\Temp\aluegmi.dat -> TrojanSpy.Agent.ce : Cleaned with backup
C:\Documents and Settings\user\Local Settings\Temp\anudhjrv.exe -> TrojanDropper.Agent.fh : Cleaned with backup
C:\Documents and Settings\user\Local Settings\Temp\avajgol.dat -> Trojan.Vundo : Cleaned with backup
C:\Documents and Settings\user\Local Settings\Temp\avajsm.dat -> Trojan.Vundo : Cleaned with backup
C:\Documents and Settings\user\Local Settings\Temp\avajten.dat -> TrojanSpy.Agent.ce : Cleaned with backup
C:\Documents and Settings\user\Local Settings\Temp\awfieupo.exe -> TrojanDropper.Agent.fh : Cleaned with backup
C:\Documents and Settings\user\Local Settings\Temp\b.com -> TrojanDropper.Agent.pb : Cleaned with backup
C:\Documents and Settings\user\Local Settings\Temp\bacnib.dat -> TrojanSpy.Agent.ce : Cleaned with backup
C:\Documents and Settings\user\Local Settings\Temp\barqsfyt.exe -> TrojanDropper.Agent.fh : Cleaned with backup
C:\Documents and Settings\user\Local Settings\Temp\bews.dat -> TrojanSpy.Agent.ce : Cleaned with backup
C:\Documents and Settings\user\Local Settings\Temp\bkc.dat -> TrojanSpy.Agent.ce : Cleaned with backup
C:\Documents and Settings\user\Local Settings\Temp\blqcpnbd.exe -> TrojanDropper.Agent.fh : Cleaned with backup
C:\Documents and Settings\user\Local Settings\Temp\bqbrlvqc.exe -> TrojanDropper.Agent.fh : Cleaned with backup
C:\Documents and Settings\user\Local Settings\Temp\bvger.dat -> TrojanSpy.Agent.ce : Cleaned with backup
C:\Documents and Settings\user\Local Settings\Temp\bvtypeov.exe -> TrojanDropper.Agent.fh : Cleaned with backup
C:\Documents and Settings\user\Local Settings\Temp\bvw.dat -> TrojanSpy.Agent.ce : Cleaned with backup
C:\Documents and Settings\user\Local Settings\Temp\cacyjlgv.exe -> TrojanDropper.Agent.fh : Cleaned with backup
C:\Documents and Settings\user\Local Settings\Temp\caevaw.dat -> TrojanSpy.Agent.ce : Cleaned with backup
C:\Documents and Settings\user\Local Settings\Temp\cbdorc.dat -> Trojan.Vundo : Cleaned with backup
C:\Documents and Settings\user\Local Settings\Temp\cbdotun.dat -> Trojan.Vundo : Cleaned with backup
C:\Documents and Settings\user\Local Settings\Temp\ccaavaj.dat -> Trojan.Vundo : Cleaned with backup
C:\Documents and Settings\user\Local Settings\Temp\ccapi.dat -> Spyware.VirtuMonde : Cleaned with backup
C:\Documents and Settings\user\Local Settings\Temp\ccarba.dat -> TrojanSpy.Agent.ce : Cleaned with backup
C:\Documents and Settings\user\Local Settings\Temp\cfmitna.dat -> Trojan.Vundo : Cleaned with backup
C:\Documents and Settings\user\Local Settings\Temp\cfmsmw.dat -> Spyware.VirtuMonde : Cleaned with backup
C:\Documents and Settings\user\Local Settings\Temp\cmpa.dat -> TrojanSpy.Agent.ce : Cleaned with backup
C:\Documents and Settings\user\Local Settings\Temp\cniam.dat -> Spyware.VirtuMonde : Cleaned with backup
C:\Documents and Settings\user\Local Settings\Temp\codkab.dat -> Spyware.VirtuMonde : Cleaned with backup
C:\Documents and Settings\user\Local Settings\Temp\codptf.dat -> Trojan.Vundo : Cleaned with backup
C:\Documents and Settings\user\Local Settings\Temp\Cookies\[email protected][1].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\user\Local Settings\Temp\Cookies\[email protected][2].txt -> Spyware.Cookie.Specificclick : Cleaned with backup
C:\Program Files\PestPatrol\Quarantine\20050904221252.zip/WINDOWS/Temp/Temporary Internet Files/Content.IE5/4NO7E3AH/mm15201518.a.Stub[1].exe -> TrojanDownloader.Delmed.a : Cleaned with backup
C:\Program Files\PestPatrol\Quarantine\20050904221252.zip/Program Files/support software/ss2.dll -> Spyware.MediaPops : Cleaned with backup
C:\Program Files\PestPatrol\Quarantine\20050904221252.zip/Program Files/Support Software/install.exe -> Spyware.Downloadware : Cleaned with backup
C:\Program Files\PestPatrol\Quarantine\20050904221252.zip/Program Files/mysearch/bar/1.bin/s4bar.dll -> Spyware.MyWay : Cleaned with backup
C:\Program Files\PestPatrol\Quarantine\20050904221252.zip/Program Files/mysearch/bar/1.bin/npmysrch.dll -> Spyware.MyWay : Cleaned with backup
C:\Program Files\PestPatrol\Quarantine\20050904221252.zip/WINDOWS/temp/altnet/pmfiles.cab/sysdetect.dll -> Adware.BrilliantDigital : Cleaned with backup
C:\Program Files\PestPatrol\Quarantine\20050904221252.zip/WINDOWS/temp/altnet/setup.exe -> Spyware.Altnet : Cleaned with backup
C:\Program Files\PestPatrol\Quarantine\20050904221252.zip/WINDOWS/temp/altnet/dmfiles.cab/AltnetUninstall.exe -> Spyware.Altnet : Cleaned with backup
C:\Program Files\PestPatrol\Quarantine\20050904221252.zip/WINDOWS/temp/altnet/dmfiles.cab/asmend.exe -> Spyware.Altnet : Cleaned with backup
C:\Program Files\PestPatrol\Quarantine\20050904221252.zip/temp/fleok/msbb.exe -> Spyware.180Solutions : Cleaned with backup
C:\Program Files\PestPatrol\Quarantine\20050904221252.zip/temp/installer2.exe -> TrojanDropper.Delf.dj : Cleaned with backup
C:\Program Files\PestPatrol\Quarantine\20050904221252.zip/temp/msbb.exe -> Spyware.180Solutions : Cleaned with backup
C:\Program Files\PestPatrol\Quarantine\20050904221252.zip/WINDOWS/SYSTEM32/InstallAPS.exe -> TrojanDropper.Agent.lu : Cleaned with backup
C:\Program Files\PestPatrol\Quarantine\20050904221252.zip/temp/omnigate.exe -> Spyware.Omnigate : Cleaned with backup
C:\Program Files\PestPatrol\Quarantine\20050904221252.zip/Documents and Settings/user/dp803550.exe -> TrojanDownloader.Lalus : Cleaned with backup
C:\Program Files\PestPatrol\Quarantine\20050904221252.zip/WINDOWS/SYSTEM32/reg6523.exe -> Spyware.Beginto : Cleaned with backup
C:\Program Files\PestPatrol\Quarantine\20050904221252.zip/Documents and Settings/user/local settings/temp/host.exe -> Trojan.KillFiles.fz : Cleaned with backup
C:\Program Files\PestPatrol\Quarantine\20050904221252.zip/windows/system32/exp.exe -> TrojanDownloader.Small.abd : Cleaned with backup
C:\Program Files\PestPatrol\Quarantine\20050904221252.zip/WINDOWS/SYSTEM32/CLEANexp.exe -> TrojanDownloader.Small.abd : Cleaned with backup
C:\Program Files\PestPatrol\Quarantine\20050904221252.zip/WINDOWS/SYSTEM32/wintask.exe -> TrojanDownloader.Small.abd : Cleaned with backup
C:\Program Files\PestPatrol\Quarantine\20050904221252.zip/windows/etb/pokapoka63.exe -> Spyware.EliteBar : Cleaned with backup
C:\Program Files\PestPa
  • 0

#5
KnuckleBuster

It doesn't look like all the log files made it into the post, so I will attach them...

Edited by KnuckleBuster, 12 September 2005 - 10:33 PM.

  • 0

#6
andydf

Hi Knucklebuster

Download L2mfix from one of these two locations:

http://www.atribune....oads/l2mfix.exe
http://www.downloads....org/l2mfix.exe

Save the file to your desktop and double click l2mfix.exe. Click the Install button to extract the files and follow the prompts, then open the newly added l2mfix folder on your desktop. Double click l2mfix.bat and select option #1 for Run Find Log by typing 1 and then pressing enter. This will scan your computer and it may appear nothing is happening, then, after a minute or 2, notepad will open with a log. Copy the contents of that log and paste it into this thread.

IMPORTANT: Do NOT run option #2 OR any other files in the l2mfix folder until you are asked to do so!

Andy :tazz:
  • 0

#7
KnuckleBuster

Again, the report is too long for the post window, so I'm attaching the text file.

Thanks for your help Andy!

Edited by KnuckleBuster, 13 September 2005 - 08:29 PM.

  • 0

#8
andydf

Hi KnuckleBuster

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order in which they are mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes.

While TeaTimer is an excellent tool for the prevention of spyware, it can sometimes prevent HijackThis from fixing certain things.
Please disable TeaTimer for now until you are clean. TeaTimer can be re-activated once your HijackThis log is clean.
  • Open Spybot Search & Destroy.
  • In the Mode menu click "Advanced mode" if not already selected.
  • Choose "Yes" at the Warning prompt.
  • Expand the "Tools" menu.
  • Click "Resident".
  • Uncheck the "Resident "TeaTimer" (Protection of overall system settings) active." box.
  • In the File menu click "Exit" to exit Spybot Search & Destroy.
1. Please download THIS TOOL from Symantec.
Once it is downloaded, run the tool and let it scan your machine. It will remove any files that it finds.

Download CLEANUP, install it, then close the program; we will run it later.

2. Please download LQfix.exe and save it to your desktop.
  • Double-Click LQfix.exe and click Next > Next > Install.
  • Leave the default settings; if you change them, the fix will fail!
  • Now make sure the "Launch LQfix" box is checked.
  • Click the Finish button, after clicking the Finish button the fix will start.
  • Follow the on-screen prompts.
  • Your system will now reboot afterwards.
  • Please be patient after the reboot, there is a script running in the background that needs to complete.
3. Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below (if present).

R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll
O1 - Hosts: comments (such
O1 - Hosts: comments as
O1 - Hosts: comments these)
O1 - Hosts: comments may
O1 - Hosts: comments be
O1 - Hosts: comments inserted
O1 - Hosts: comments on
O1 - Hosts: comments individual
O1 - Hosts: 216.39.69.102 view.atdmt.com
O2 - BHO: PicShow Class - {4487598C-2EC7-43A2-870E-6D8D720FDD9F} - C:\WINDOWS\system32\pkshtpbl.dll
O2 - BHO: ohb - {9ADE0443-2AB2-4B23-A3F8-AC520773DE12} - C:\WINDOWS\system32\nsi36.dll (file missing)
O4 - HKLM\..\Run: [afxgpdoa] C:\WINDOWS\jxrrpnhz.exe
O4 - HKLM\..\Run: [binmsvc] C:\WINDOWS\Web\printers\binmsvc.exe
O4 - HKLM\..\Run: [*binmsvc] C:\WINDOWS\Web\printers\binmsvc.exe
O4 - HKLM\..\Run: [*crutil] C:\WINDOWS\system\crutil.exe
O4 - HKLM\..\Run: [*binweb] C:\WINDOWS\Help\binweb.exe
O4 - HKLM\..\Run: [*tapidb] C:\WINDOWS\Driver Cache\tapidb.exe
O4 - HKLM\..\Run: [*vbdos] C:\WINDOWS\inf\vbdos.exe
O4 - HKLM\..\Run: [*dbinfo] C:\WINDOWS\system\dbinfo.exe
O4 - HKLM\..\Run: [*msdvd] C:\WINDOWS\inf\msdvd.exe
O4 - HKLM\..\Run: [*rasav] C:\WINDOWS\Driver Cache\rasav.exe
O4 - HKLM\..\Run: [*nuts] C:\WINDOWS\inf\nuts.exe
O4 - HKLM\..\Run: [*apwms] C:\WINDOWS\msagent\apwms.exe
O4 - HKLM\..\Run: [*sw] C:\WINDOWS\addins\sw.exe
O4 - HKLM\..\Run: [*xmlmsvc] C:\WINDOWS\repair\xmlmsvc.exe
O4 - HKLM\..\Run: [*avutil] C:\WINDOWS\Web\printers\avutil.exe
O4 - HKLM\..\Run: [*imgodbc] C:\WINDOWS\system32\DirectX\imgodbc.exe
O4 - HKLM\..\Run: [*logmp3] C:\WINDOWS\Web\logmp3.exe
O4 - HKLM\..\Run: [AUNPS2] RUNDLL32 AUNPS2.DLL,_Run@16
O4 - HKLM\..\Run: [immin] C:\WINDOWS\mm15201518.a.Stub.exe
O4 - HKLM\..\Run: [ugpgc6q3] C:\WINDOWS\system32\ugpgc6q3.exe
O4 - HKLM\..\Run: [tnpnv] C:\WINDOWS\system32\grkqjgpr\tnpnv.exe
O4 - HKLM\..\Run: [xgwtbcj] C:\WINDOWS\system32\rjmrrgka\xgwtbcj.exe
O4 - HKLM\..\Run: [jrcweqk] C:\WINDOWS\system32\oxfgmgl\jrcweqk.exe
O4 - HKLM\..\Run: [budodupr] C:\WINDOWS\system32\wdahui\budodupr.exe
O4 - HKLM\..\Run: [yfufq] C:\WINDOWS\system32\rhkneavv\yfufq.exe
O4 - HKLM\..\Run: [System service63] C:\WINDOWS\etb\pokapoka63.exe
O4 - HKLM\..\Run: [dnam] C:\WINDOWS\system32\d140113.a.Stub.EXE
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKCU\..\Run: [WinFixer 2005] "C:\Program Files\WinFixer 2005\WFX5.exe" /min
O4 - HKCU\..\Run: [pshower] C:\WINDOWS\system32\pshwr.exe
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - Startup: Zstart.lnk = C:\WINDOWS\Temp\zxinst12.exe
O4 - Global Startup: npti.exe
O9 - Extra button: (no name) - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O9 - Extra 'Tools' menuitem: Java - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O14 - IERESET.INF: START_PAGE_URL=http://www.bestbuy.msn.com
O20 - AppInit_DLLs: repairs.dll
O20 - Winlogon Notify: ipacc - C:\DOCUME~1\user\LOCALS~1\Temp\ccapi.dat (file missing)

Now close all windows other than HiJackThis, then click Fix Checked. Reboot into safe mode.

Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

Please remove these entries from Add/Remove Programs in the Control Panel (if present):

Sidebar Search
Web Search
SurfSideKick 3
WinFixer

Please note any other programs that you don't recognize in Add/Remove Programs in your next response.

Please delete these folders using Windows Explorer (if present):

C:\Program Files\SurfSideKick 3
C:\WINDOWS\system32\grkqjgpr
C:\WINDOWS\system32\rjmrrgka
C:\WINDOWS\system32\oxfgmgl
C:\WINDOWS\system32\wdahui
C:\WINDOWS\system32\rhkneavv
C:\Program Files\WinFixer 2005


Please delete these files using Windows Explorer (if present):
Use the Windows search facility if you have trouble finding these files.

C:\WINDOWS\jxrrpnhz.exe
C:\WINDOWS\Web\printers\binmsvc.exe
C:\WINDOWS\system\crutil.exe
C:\WINDOWS\Help\binweb.exe
C:\WINDOWS\Driver Cache\tapidb.exe
C:\WINDOWS\inf\vbdos.exe
C:\WINDOWS\system\dbinfo.exe
C:\WINDOWS\inf\msdvd.exe
C:\WINDOWS\Driver Cache\rasav.exe
C:\WINDOWS\inf\nuts.exe
C:\WINDOWS\msagent\apwms.exe
C:\WINDOWS\addins\sw.exe
C:\WINDOWS\repair\xmlmsvc.exe
C:\WINDOWS\Web\printers\avutil.exe
C:\WINDOWS\system32\DirectX\imgodbc.exe
C:\WINDOWS\Web\logmp3.exe
C:\WINDOWS\mm15201518.a.Stub.exe
C:\WINDOWS\system32\ugpgc6q3.exe
C:\WINDOWS\system32\d140113.a.Stub.EXE
C:\WINDOWS\system32\pshwr.exe
npti.exe


4. Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu).
Set the program up as follows:
Click "Options..."
Move the arrow down to "Custom CleanUp!"
Put a check next to the following (Make sure nothing else is checked!):
  • Empty Recycle Bins
  • Delete Cookies
  • Delete Prefetch files
  • Cleanup! All Users
Click OK
Press the CleanUp! button to start the program.

After that, Reboot.

If you would please, rescan with HijackThis and post a fresh log in this same topic, and let us know how your system's working. :)

Andy :tazz:
  • 0
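The fix list in step 3 can be triaged and later checked against a fresh scan. The sketch below is an added example, not part of the thread and not HijackThis code: it parses a subset of the entries above, flags a few traits, and reports which fixed entries still show up in the follow-up log posted later in this thread. The flag names and the `DATA_DIRS` list are assumptions made for this example.

```python
import re
from ntpath import dirname, normcase  # Windows path rules on any OS

# Subset of the step 3 fix list, copied from the post above.
FIX_LIST = r"""
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll
O2 - BHO: ohb - {9ADE0443-2AB2-4B23-A3F8-AC520773DE12} - C:\WINDOWS\system32\nsi36.dll (file missing)
O4 - HKLM\..\Run: [binmsvc] C:\WINDOWS\Web\printers\binmsvc.exe
O4 - HKLM\..\Run: [*binmsvc] C:\WINDOWS\Web\printers\binmsvc.exe
O4 - HKLM\..\Run: [*tapidb] C:\WINDOWS\Driver Cache\tapidb.exe
O4 - HKLM\..\Run: [AUNPS2] RUNDLL32 AUNPS2.DLL,_Run@16
O4 - HKCU\..\Run: [WinFixer 2005] "C:\Program Files\WinFixer 2005\WFX5.exe" /min
O4 - HKCU\..\Run: [pshower] C:\WINDOWS\system32\pshwr.exe
O20 - AppInit_DLLs: repairs.dll
"""

# Subset of the follow-up HijackThis log posted later in the thread.
FOLLOW_UP = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll
O2 - BHO: LinkTracker Class - {8B6DA27E-7F64-4694-8F8F-DC87AB8C6B22} - C:\WINDOWS\system32\qlink32.dll
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")                   # "O4 - <body>"
RUN = re.compile(r"^(HKLM|HKCU)\\\.\.\\\w+: \[([^\]]*)\] (.+)$")  # hive, name, command
EXE = re.compile(r'^"([^"]+)"|^(.+?\.exe)(?=\s|$)', re.I)         # quoted or bare path

# Assumption of this example: Windows directories meant for data files, so an
# auto-start program stored there deserves a closer look.
DATA_DIRS = {r"c:\windows\inf", r"c:\windows\help", r"c:\windows\driver cache",
             r"c:\windows\repair", r"c:\windows\web", r"c:\windows\web\printers",
             r"c:\windows\temp"}


def parse(log):
    """Return one dict per HijackThis entry line; other lines are skipped."""
    entries = []
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        code, body = m.groups()
        e = {"code": code, "body": body, "hive": None, "name": None, "target": None,
             "missing": body.endswith(("(file missing)", "(no file)"))}
        r = RUN.match(body) if code == "O4" else None
        if r:
            e["hive"], e["name"], cmd = r.groups()
            x = EXE.match(cmd)
            # Fall back to the first word when the command names no .exe path.
            e["target"] = (x.group(1) or x.group(2)) if x else cmd.split()[0]
        entries.append(e)
    return entries


def flags(e):
    """Heuristic labels for one entry (names are this example's own)."""
    out = []
    if e["missing"]:
        out.append("target-missing")   # HijackThis's own "(file missing)" marker
    if e["name"] and e["name"].startswith("*"):
        out.append("starred-name")     # Run value name begins with '*'
    if e["target"] and normcase(dirname(e["target"])) in DATA_DIRS:
        out.append("data-dir")
    if e["code"] == "O20" and e["body"].startswith("AppInit_DLLs:"):
        out.append("appinit")          # DLL loaded into processes that load user32.dll
    return out


def shared_targets(entries):
    """Auto-start targets registered under more than one Run value."""
    seen = {}
    for e in entries:
        if e["target"]:
            seen.setdefault(normcase(e["target"]), []).append(f'{e["hive"]}:{e["name"]}')
    return {t: names for t, names in seen.items() if len(names) > 1}


def survivors(fix_list, follow_up):
    """Entries ticked for fixing that still appear in the later scan."""
    later = {(e["code"], e["body"].lower()) for e in parse(follow_up)}
    return [e for e in parse(fix_list) if (e["code"], e["body"].lower()) in later]


if __name__ == "__main__":
    for e in parse(FIX_LIST):
        print(e["code"], e["name"] or "-", flags(e))
    print("registered twice:", shared_targets(parse(FIX_LIST)))
    print("still present:", [e["body"] for e in survivors(FIX_LIST, FOLLOW_UP)])
```

On these samples the only survivor is the SurfSideKick URLSearchHook, which matches the `R3` line still present in the later log.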

#9
KnuckleBuster

Hi Andy,

I turned off the TeaTimer in Spybot, but I could not download the tool in the first part of your instructions:

"1. Please download THIS TOOL from Symantec.
Once it is downloaded, run the tool and let it scan your machine. It will remove any files that it finds."

I tried it on the "bad" computer and also my computer and neither will download it.

Also, I have been doing everything in "Safe Mode with networking" on the computer in question because running in regular mode was almost impossible. Hopefully this hasn't screwed things up.

Let me know if I'm doing something wrong with the download...or if I can get it elsewhere....

Thanks,
Jay
  • 0

#10
andydf

Hi Jay

I can only think that your security settings are not allowing you to download the tool. Carry out the fix from the "download cleanup" stage and we will see what's left.
Don't worry about running in safe mode, hopefully you will be able to run in normal windows when the rubbish has gone.

Andy :tazz:
  • 0

#11
KnuckleBuster

Hi Andy,

I really appreciate your help and patience...I ran into a problem, however.

After fixing the issues with HijackThis (an error message popped up saying "An unexpected error has occurred at procedure: modBackup_MakeBackup (sItem = 020 - AppInit_DLLs:repairs.dll) Error #5 - Invalid procedure call or argument") and rebooting in Safe Mode, I was unable to open the Control Panel. Windows Explorer (not the entire computer) rebooted. The "Safe Mode" in the four corners of the screen stayed there, but all the desktop icons disappeared and the window that warns you that you are running in Safe Mode popped up, just as if you had just booted up Windows.

I tried running in regular mode for the first time since we started this, and although it boots up much faster, there are still a few issues: first, Control Panel is still not working.

Next, a screen pops up that reads:

16 Bit Windows Subsystem
C:\WINDOWS\SYSTEM32\AUTOEXEC.NT. The system file is not suitable for running MS-DOS and Microsoft Windows applications. Choose 'Close' to terminate the application.

In the toolbar there is running "Hotkey Keyboard"

There were 3 full screen popups - RedNova, GUBA, and brainfox

A PestPatrol window popped up that read:

A pest has been found in memory!
Process: 4ikqkll.exe
File: C:/WINDOWS/system32/4ikqkmll.exe
PVT: -1834728649
Pest: SAHAgent

Another 2 Pest Patrol windows popped up after that reading:

cxdxregt.exe
C:/WINDOWS/system32/cxdxregt.exe
1207158971
Zeno Search

w181609.Stub.exe
c:DOCUME~1/USER/LOCALS~1/TEMP/W18
-977349344
Del Fin Media Viewer

At that point I shut down the computer and decided to run all this by you before proceeding any further or clicking on things I didn't understand.

Hopefully this isn't as bad as I think it might be - the Control Panel problem has me worried a bit.

Thanks again,
Jay :tazz:
  • 0

#12
andydf

Hi Jay

If you can, please do an online virus scan with Panda ActiveScan Here. You need to use Internet Explorer for this scan.
  • Once you get to the Panda site, scroll down a bit and click on Scan your PC
  • A new window will appear; click on Check Now!
  • A new window will appear; fill in the boxes (Country, State, email addy)
  • Click on Scan Now! >
    If you have never used ActiveScan before, you will be prompted to install an ActiveX control (asinst.cab) : click on Install. Panda will install the component, and then install the latest signature files.
  • From "Select a device to scan...", choose "My Computer"
  • Allow the scan to run. It'll take a while.
  • When complete, click on "See Report", and then on "Save report"; save it to a convenient location.
  • I will need you to post that report in your next reply; simply open the text file, then copy/paste the content here.
Please post a fresh HJT log

Andy

Edited by andydf, 17 September 2005 - 05:17 AM.

  • 0

#13
KnuckleBuster

Hi Andy,

Here's the ActiveScan log:



_________________________________________

And here's the Hijack This log:

Logfile of HijackThis v1.99.1
Scan saved at 10:09:25 PM, on 9/18/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\All Users\Documents\Fixes for Sheri\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
O2 - BHO: COMMUNICATOR - {4E7BD74F-2B8D-469E-8DBC-A42EB79CB428} - C:\WINDOWS\SYSTEM32\communicator.dll
O2 - BHO: LinkTracker Class - {8B6DA27E-7F64-4694-8F8F-DC87AB8C6B22} - C:\WINDOWS\system32\qlink32.dll
O3 - Toolbar: COMMUNICATOR - {4E7BD74F-2B8D-469E-8DBC-A42EB79CB428} - C:\WINDOWS\SYSTEM32\communicator.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [OemReset] %systemroot%\OPTIONS\OEMRESET.EXE /AUDIT
O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe
O4 - HKLM\..\Run: [GWMDMpi] C:\WINDOWS\GWMDMpi.exe
O4 - HKLM\..\Run: [OmniPage] C:\Program Files\Caere\OmniPagePro90\opware32.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\PROGRA~1\PESTPA~1\PPControl.exe
O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKLM\..\Run: [4ikqkmll] C:\WINDOWS\system32\4ikqkmll.exe
O4 - HKLM\..\Run: [ZStart] C:\windows\system32\cxdxregt.exe DO0605
O4 - HKLM\..\Run: [stb] C:\WINDOWS\system32\stb.exe
O4 - HKLM\..\Run: [Nsv] C:\WINDOWS\system32\nsvsvc\nsvsvc.exe
O4 - HKLM\..\Run: [vidctrl] C:\WINDOWS\system32\vidctrl\vidctrl.exe
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AOLCC] "C:\Program Files\AOL Computer Check-Up\ACCAgnt.exe" /startup
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0a\aoltray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Microtek Scanner Finder.lnk = C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} (AOL Content Update) - http://esupport.aol....oach_core_1.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com...kup/qdiagcc.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O18 - Filter: text/html - {DFAA31C8-A356-4313-9D95-5EDAB46C5070} - C:\WINDOWS\system32\qlink32.dll
O20 - AppInit_DLLs: repairs.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: xgwtbcjrjmrrgka - Unknown owner - C:\WINDOWS\system32\rjmrrgka\xgwtbcj.exe

Thanks again!
Jay

#14
andydf

    Visiting Staff

  • Visiting Consultant
  • 1,660 posts
Hi Jay

There are a lot of files still in your temp folders, and still a lot of random entries in your log.
I would like to run a couple more automated cleanup programs.

1.
a-squared Free is a trojan removal tool. To be able to use it, you must set up a free a-squared Account, to get access to the update server.
Please set up an a-squared account at the following link:
http://www.emsisoft....oftware/account

Then download a-squared free from this link:

http://www.emsisoft....ftware/download

Install it and update it, then close it; we will run it later.

2.
Please open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu).
Set the program up as follows:
Click "Options..."
Move the arrow down to "Custom CleanUp!"
Put a check next to the following (Make sure nothing else is checked!):
  • Empty Recycle Bins
  • Delete Cookies
  • Delete Prefetch files
  • Cleanup! All Users
Click OK
Press the CleanUp! button to start the program.

Then boot your computer to Safe Mode.

3.
Once in safe mode, fire up a-squared and let it run. Do not fix anything yet; let's just see what it finds. When it is done scanning, click the save log as html button.

Reboot to normal windows and upload that html file with your next post. I will go through and analyze the log to tell you if any of the files should not be removed.

4.
Go to add/remove and uninstall the following (if present)

Select CashBack
SelectRebates
SelectRebates
SelectRebates
SelectRebates
Sidebar Search
Web Search

Andy

Edited by andydf, 19 September 2005 - 02:12 PM.
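
Editor's added example (not part of the original posts): one way to check mechanically which files the ActiveScan report left in place ("No disinfected") are still referenced by autostart entries in the HijackThis log. The sample lines are copied from the two logs above; the function names and the match-by-file-name rule are assumptions of this sketch.

```python
import re

# Sample input: a few lines taken from the two logs posted in this thread.
ACTIVESCAN = r"""
Adware:Adware/DelFinMedia No disinfected C:\WINDOWS\SYSTEM32\nsvsvc\nsvsvc.exe
Adware:Adware/DelFinMedia No disinfected C:\WINDOWS\SYSTEM32\vidctrl\vidctrl.exe
Spyware:Spyware/SurfSideKick No disinfected C:\WINDOWS\SYSTEM32\repairs.dll
Virus:Trj/Downloader.AYV Disinfected C:\WINDOWS\SYSTEM32\VB3.exe
"""
HIJACKTHIS = r"""
O4 - HKLM\..\Run: [Nsv] C:\WINDOWS\system32\nsvsvc\nsvsvc.exe
O4 - HKLM\..\Run: [vidctrl] C:\WINDOWS\system32\vidctrl\vidctrl.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O20 - AppInit_DLLs: repairs.dll
O23 - Service: xgwtbcjrjmrrgka - Unknown owner - C:\WINDOWS\system32\rjmrrgka\xgwtbcj.exe
"""

# "<category>:<detection> <status> <path>" as printed by the scan report.
SCAN_RE = re.compile(r"^(\w+):(\S+) (No disinfected|Disinfected) (.+)$", re.M)
# "<section code> - <rest of entry>" as printed by HijackThis.
HJT_RE = re.compile(r"^([A-Z]\d+) - (.+)$", re.M)
# Bare file names with a binary-like extension, with or without a path in front.
FILE_RE = re.compile(r'([^\\/:"\s\[\]]+\.(?:exe|dll|ocx|tmp))\b', re.I)

def parse_activescan(text):
    """Map lower-cased file name -> (detection, full path) for files left in place."""
    left = {}
    for _category, name, status, path in SCAN_RE.findall(text):
        if status == "No disinfected":
            path = path.strip()
            left[path.rsplit("\\", 1)[-1].lower()] = (name, path)
    return left

def still_autostarting(scan_text, hjt_text):
    """Return (section, detection, file) for HijackThis entries naming a leftover file.

    Matching is by file name only, because entries such as AppInit_DLLs list a
    bare name; a hit is a lead to verify by full path, not proof.
    """
    left = parse_activescan(scan_text)
    hits = []
    for section, rest in HJT_RE.findall(hjt_text):
        for fname in FILE_RE.findall(rest):
            if fname.lower() in left:
                hits.append((section, left[fname.lower()][0], fname))
    return hits

if __name__ == "__main__":
    for hit in still_autostarting(ACTIVESCAN, HIJACKTHIS):
        print(*hit)
```

Entries the scanner did not name at all, such as the O23 service with a random-looking name, are not reported by this cross-reference and still need a manual look.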


#15
KnuckleBuster

    Member

  • Topic Starter
  • Member
  • PipPip
  • 52 posts
Hi Andy,

I still cannot open the control panel on the infected computer; therefore, I can't remove those programs. Is there another way other than the control panel to remove the programs and all of the registry strings associated with them? Could I set up a remote desktop connection between my working computer and the infected one, then remove the programs that way?

Here is the a-squared log:

Thanks for helping me through this,
Jay
